AI Chat Paper
Note: Please note that the following content is generated by AMiner AI. SciOpen does not take any responsibility related to this content.
{{lang === 'zh_CN' ? '文章概述' : 'Summary'}}
{{lang === 'en_US' ? '中' : 'Eng'}}
Chat more with AI
Powered by AMiner. Clicking this button will take you away from SciOpen.
Home Tsinghua Science and Technology Article
PDF (1.1 MB)
Cite
EndNote(RIS) BibTeX
Collect
Submit Manuscript AI Chat Paper
Show Outline
Outline
Show full outline
Hide outline
Outline
Show full outline
Hide outline
Open Access

Cloud Platform Based Automated Security Testing System for Mobile Internet

Dan Tao( )Zhaowen LinCheng Lu
School of Electronic and Information Engineering, Beijing Jiaotong University, Beijing 100044, China
Jiangsu High Technology Research Key Laboratory for Wireless Sensor Networks, Nanjing 210003, China.
Network and Information Center, Institute of Network Technology, Science and Technology on Information Transmission and Dissemination in Communication Networks Laboratory, National Engineering Laboratory for Mobile Network Security, Beijing University of Posts and Telecommunications, Beijing 100876, China.
Show Author Information

Abstract

With respect to security, the use of various terminals in the mobile Internet environment is problematic. Traditional terminal testing methods cannot simulate actual testing environments; thus, the test results do not accurately reflect the security of terminals. To address this problem, we designed and developed a cloud platform based automated testing system for the mobile Internet. In this system, virtualization and automation technology are utilized to integrate mobile terminals into the cloud platform as a resource, to achieve a novel cloud service called Testing as a Service (TaaS). The system consists of three functional modules: web front-end module, testing environment module, and automated testing module. We adopted the permeable automated testing tool Metasploit to perform security testing. In our test experiments, we selected 100 apps with diverse vulnerability levels, ranging from secure to vulnerable, to perform a series of functional tests. The experimental results show that this system can correctly test both the number of vulnerable apps and their corresponding vulnerability levels. As such, the designed system can flexibly configure various testing environments for different testing cases or projects, and thereby perform security testing automatically.

Keywords

virtualizationautomated security testingcloud platformMetasploit

References

[1]
Chen Z., Dong W. Y., Li H., Zhang P., Collaborative network security in multi-tenant data center for cloud computing, Tsinghua Science and Technology, vol. 19, no. 1, pp. 82–94, 2014.
Crossref Google Scholar
[2]
Pei S. W., Wu B. F., Zhu K., Yu Q., Novel software automated testing system based on J2EE, Tsinghua Science and Technology, vol. 12, no. S1, pp. 51–56, 2007.
Crossref Google Scholar
[3]
Wipro, Testing as a service, http://taas.wipro.com/index.aspx, 2013.
[4]
Kochhar P. S., Thung F., Nagappan N., Zimmermann T., Understanding the test automation culture of app developers, in 2015 IEEE 8th International Conference on-Software Testing, Verification and (Validation ICST), Graz, Austria, 2015.
Crossref
[5]
Lin Y. D., Yu S. C., Lai Y. C., Improving the accuracy of automated GUI testing for embedded systems, IEEE Software, vol. 31, no. 1, pp. 39–45, 2013.
Crossref Google Scholar
[6]
Liu C. H., Lu C. Y., Cheng S. J., Chang K. Y., Capture-replay testing for Android applications, in 2014 International Symposium on Computer, Consumer and Control (IS3C), Taichung, Taiwan, China, 2014, pp. 1129–1132.
Crossref
[7]
YiCeYun, http://www.yiceyun.com/, 2012.
[8]
Subashini S., Kavitha V., A survey on security issues in service delivery models of cloud computing, Journal of Network and Computer Applications, vol. 34, no. 1, pp. 1–11, 2010.
Crossref Google Scholar
[9]
Kennedy D., O'Gorman J., Kearns D., Aharoni M., Metasploit: The Penetration Tester's Guide. Beijing, China: Publishing House of Electronics Industry, 2013.
[10]
Metasploit project, https://en.wikipedia.org/wiki/MetasploitProject#MetasploitFramework, 2015.
[11]
Holik F., Horalek J., Marik O., Neradova S., Effective penetration testing with Metasploit framework and methodologies, in 2014 IEEE 15th International Symposium on Computational Intelligence and Informatics (CINTI), Budapest, Hungray, 2014, pp. 237–242.
Crossref
[12]
Meng J. Q., Li A. P., The implementation of vulnerability scanning technique based on loading Nessus on Metasploit, Netinfo Security, no. 8, pp. 185–187, 2012.
Google Scholar
[13]
Django, https://en.wikipedia.org/wiki/Djangowebframework, 2015.
[14]
Odeh S., Al-Khatib Y., Computer resources as a cloud lab service, in presented at IEEE Global Engineering Education Conference (EDUCON), Marrakech, Morocco, 2012.
Crossref
[15]
Takala T., Katara M., Experiences of systerm-level model-based GUI testing of an Android application, in presented at IEEE International Conference on Software Testing, Berlin, Germany, 2011.
Crossref
[16]
How to we Nessus to dected system vulnerablility, http://www.shangxueba.com/jingyan/1632696.html, 2014.
Tsinghua Science and Technology
Volume 20 Issue 6,
December 2015
Pages 537-544
DOI: 10.1109/TST.2015.7349926
Cite this article:
Tao D, Lin Z, Lu C. Cloud Platform Based Automated Security Testing System for Mobile Internet. Tsinghua Science and Technology, 2015, 20(6): 537-544. https://doi.org/10.1109/TST.2015.7349926

487

Views

26

Downloads

8

Crossref

N/A

Web of Science

13

Scopus

0

CSCD

Altmetrics
Received: 13 July 2015
Revised: 28 September 2015
Accepted: 20 October 2015
Published: 17 December 2015
© The author(s) 2015
Return